Sentry Installation

Sentry enables role-based, fine-grained authorization for HiveServer2 and Impala. It provides classic database-style authorization for Hive and Impala. For more information, and
instructions on configuring Sentry for Hive and Impala, see The Sentry Service.

Installing Sentry

Use the following the instructions, depending on your operating system, to install the latest version of Sentry.
Important:Configuration files

If you install a newer version of a package that is already on the system, configuration files that you have modified will remain intact.

If you uninstall a package, the package manager renames any configuration files you have modified from <file> to <file>.rpmsave. If you then re-install the package (probably to install a new version) the package manager creates a new <file> with
applicable defaults. You are responsible for applying any changes captured in the original configuration file to the new configuration file. In the case of Ubuntu and Debian upgrades, you will be
prompted if you have made changes to a file for which there is a new version. For details, see Automatic handling of configuration files by dpkg.

OS

Command

RHEL

$ sudo yum install sentry

SLES

$ sudo zypper install sentry

Ubuntu or Debian

$ sudo apt-get update;
$ sudo apt-get install sentry

Upgrading Sentry

Upgrading from CDH 5.x to the Latest CDH 5

Stop the Sentry Service

To stop the Sentry service, identify the PID of the Sentry Service and use the kill command to end the process:

For CDH 5.5 and higher: The newer releases include password encryption which means you can no longer run schematool as it
requires a plaintext password. Password encryption is an important part of security and Sentry defaults to using the CredentialProvider API to accomplish this. Cloudera recommends you use Cloudera
Manager to upgrade the Sentry database instead.

However, if using Cloudera Manager is not an option, and scehmatool is required, to work around the default encryption, obtain the password in plaintext
from the API, open sentry-site.xml and manually set the sentry.store.jdbc.password property to use the plaintext password, and remove the
hadoop.security.credential.provider.path property and its value. You should now be able to run schematool.